• Like
Office 365 UK User Group London 4th September 2012
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Office 365 UK User Group London 4th September 2012


This is the PowerPoint presentation including both sessions at the Office 365 UK User Group held in London in September 2012

This is the PowerPoint presentation including both sessions at the Office 365 UK User Group held in London in September 2012

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • NameYour Role in the CompanyYour Role on these projectsExchange Interest – Back Ground
  • Ask Questions to Audience – By a show of hands gauge the audienceHow many people are using Office 365 ?How many people have implemented Office 365 or gone through the deployment process?What the presentation is about?Projects and Involvement
  • What does ADFS Do for Office 365Appropriate forLarger enterprise organizations with on-premises Active DirectoryProsSSO with corporate credentialsIDs mastered on premisesPassword policy controlled on premisesTwo-factor authentication solutions possibleCo-existence scenarios enabledConHigh availability server deployments required
  • Mail TipsFree/Busy Calendar SharingMessage TrackingOn boarding and OffloadingNo Outlook ReconfigurationTLS supported by TLSGAL Directory Synchronisation ServerNew Mailbox Moves direct to Office 365 cross premise
  • Secure Email Cross PremisesCentralised Management - Mailbox Migrations - Federation Settings - View All UsersMicrosoft Federation Gateway - Token Provider - Free/Busy - Rich Features - Inmarsat 2010
  • Secure Email Cross PremisesCentralised Management - Mailbox Migrations - Federation Settings - View All UsersMicrosoft Federation Gateway - Token Provider - Free/Busy - Rich Features - Inmarsat 2010
  • Secure Email Cross PremisesCentralised Management - Mailbox Migrations - Federation Settings - View All UsersMicrosoft Federation Gateway - Token Provider - Free/Busy - Rich Features - Inmarsat 2010
  • 200 -300 UserExchange 2007 InfrastructureExisting Exchange Infrastructure: 2 x Exchange 2007 in UK – Site in USMajor issue – US lost connection to the UK Exchange halted work and disrupted there productivity.
  • Identity ManagementResilient Topology High AvailabilityIssues we had with this:UPNs not matching verified domain in office365ADFS Design had to be implemented in New Data CentreDMZ Time not SynchronisedSharePoint Users – Changing UPN disruptionExchange Coexistence / Simple CoexitenceExchange Not Business Critical – 1 Exchange Coexistence ServerHUB RoleCAS RoleOWA URLS Redirection / Keep Existing Change MigratedIssues:Servers not built to latest SPTMG Configuration – Not setup CorrectlyHybrid Configuration and Proxy IssuesPurchased a Certificate with no nameMigration Showed and gave instruction manuals to client to migrate themselvesIssues:Public Folders – Still not migrate
  • Prerequisites were not meet ( Proxy Settings / Reverse Proxy / DMZ not Setup Correctly and Servers not Provisioned )Infrastructure Deployment was a success design we kept to and meet clients requirementsTraining could have been more in-depth, but client is happily migrating users and managing that part of the project.Client was very happy with the project as a whole Project was and Overall Success
  • 1800 – 2000 Users – Exchange 2003 EnvironmentThe Main Focus of this client was replace there current Mail Filtering and Anti Spam Software and replace it with FOPE.On 2003 were upgrading to 2010 or Office 365 as the next step in infrastructure upgradeReduce heavy maintenance of current exchange system.
  • Phase 1Explain Existing Mail Flow – Trend Micro and Symantec Email Filtering SystemReplace Symantec Filtering System with Office 365 FOPE2010 Server were installed Mail Flow could not come from on-premise to FOPE to the InternetPhase 2Complete the CAS Setup and Re-Run the Hybrid ConfigurationFree/Busy was more challenging to setup - Explain how it 2003 find free/busy of Office 365 1. Changed the Public Folder Referral List (Add the 2010 Public Folder on Exchange 2003) 2. Go to ADSI Edit and Change the MSExchFolderAffinityList – to the GUID of the Exchange 2010 Server not Public Folder.Microsof Federation Gateway Issue – Remove DomainMigrated some test IT users / Locked out of Outlook when we setup ADFS.Installed ForeFront Protection for Exchange
  • Prerequisites for Office 365Secure and Change Request for Exact Proxy URLs – Two Blue Coat ProxiesDesign and Implementation of New Infrastructure Highly Available Exchange Infrastructure as client was planning slow migration. Email Filtering Outbound with FOPE from On-premiseTraining and Handover to Client Client had dedicated member of staff through out project, really helped with Handover Training is On-going – Two Types of Training USER and ADMIN
  • 1100 – 1300 User – Exchange 2003Primary goal is to replace there existing 2003 environmentStorage was high and getting difficult to manageAlso want to configure Lync Online for better communicationThis client has multiple offices all over the world with many VPLS tunnels back to UK
  • ADFSStandard ADFS Build Increased Token Life TimeIssues – Servers not provisionedLooked at option of Publishing through TMGNo Split DNSECSMail Flow Design to stop any type of interruption to usersAutodiscover and Outlook Directed at the TMG internally and ExternallyIssuesSchema Updates were not complete (Change Process)Email Address Policies being - Managed Email Address Policies5.5 Email Infrastructure – Upgraded large amount of clean up requiredProxy Federation Request during Coexistence setupLatest Rollup 3 – Client had disable Microsoft update he assured me there update provider would do the updates over nightTMG - Not correctly setup as it was an internal firewall. – Had dedicated proxy team to help configuration (Unlike Cmed)
  • 5.5
  • We have create documents clearly stating perimeter settingsForward ProxyReverse ProxyFirewall All servicesComputer and Servers
  • These are new project that we are at the start ofI like to introduce these as they are using different technologies and migration process
  • Mention DriversUnstable Email PlatformComplicated Security for ExchangeRunning out of spaceLooking at both Simple Coexistence and Rich CoexistenceWe do the first project they will follow our guides to do the restThis is a client that trailed and tested Google, it was not liked.
  • Staged migrationQuick As PossibleOutlook Anywhere Setup multiple certificates
  • Seren and Foviance are mergingFoviance are already on Office 365Seren want Foviance users in AD and Seren users into Office 365.They are looking at the possibility of using a password synchronisation tool.


  • 1. Welcome to the Office 365 UK User GroupSpeakers: Liam Mann & Alan Richards 4th September 2012 Host: Matthew Hughes Venue provided by Content & Code
  • 2. Agenda 18:30 – Welcome 18:45 – Office 365 in the Real World  Liam Mann – Content & Code 19:45 – Break 20:00 – Migrating from On Premise to Office 365  Alan Richards – 21:00 – Close & Pub
  • 3. Welcome What is the point in the User Group?  Independent  Share Knowledge  Share Experience  Share the Pain & Pleasure  Network  Have a Pint and a chat with someone that understands and doesn’t nod & agree or fall sleep
  • 4. Office 365 in the Real WorldLiam Mann - Office 365 Deployment Engineer Content & Code
  • 5. Liam MannOffice 365 Deployment Engineer
  • 6. Introduction & Agenda Office 365 User Group
  • 7. Agenda Introduction Technology Briefing Project 1 Project 2 Project 3 Lesson Learned Exciting New Project Questions
  • 8. ADFS and ExchangeCoexistence with Office 365 Technical Briefing
  • 9. ADFS 2.0 Single Sign On – Office365• Like Kerberos with Cookies• Authentication kept On-premise• Allows user to use the same set of credentials• High Availability Deployment Recommended• Published Externally with ADFS Proxies• Secured by SSL Certificates
  • 10. ADFS 2.0 Single Sign On – Office365 Active Directory AD FS 2.0 AD FS 2.0 AD FS 2.0 Server Server Server Proxy AD FS 2.0 Server External Proxy User Internal User Enterprise DMZ
  • 11. Exchange Rich Coexistence• Rich Outlook Features• Secure Mail Flow• Unified GAL• Single Outlook Web App• Centralised Management of Exchange• Online Archiving
  • 12. Rich Coexistence Features Mail Flow
  • 13. Rich Coexistence Features Centralised Management
  • 14. Rich Coexistence Features Delegated Federation
  • 15. Real Life ProjectsMid-Size to Enterprise Office 365 Companies
  • 16. Cmed Clinical Services
  • 17. Cmed Design
  • 18. Issues• UPNs not matching verified domain in Office 365• ADFS 2.0 Design had to be implemented in new data centre• DMZ time not Synchronised• Domain Servers not restarted after updates• TMG Configuration – Not setup correctly• Hybrid Configuration and Proxy Issues• Purchased a Certificate with No Name
  • 19. Summary of ProjectPrerequisites of Existing InfrastructureDesign and Implementation of new InfrastructureTraining and Handover to ClientsClient Evaluation of ProjectOverall Project Success
  • 20. Wates Construction • Reduce Operation Costs • Replace Email Filtering System • Upgrade Ageing Infrastructure • Provide Better Communication across Multiple Offices “I Love Office 365”
  • 21. Wates Design Phase 1 Replace Email Filtering System Redirect Mail Flow to Office 365 Phase 2 Complete Exchange Coexistence Setup Install ForeFront Protection for Exchange Phase 3 Install and Configure SSO Training & Handover
  • 22. Issues• FOPE does not accept internet bound traffic from on-premise• Two hop migration was required from Exchange 2003• Currently no automation of pulling archive from Enterprise Vault• Free/Busy sharing more complex with Exchange 2003• WNLB with Certain Routers require Configure Static ARP
  • 23. Summary of ProjectPrerequisites for Office 365 TMG not fully configured Forward Proxy Caused DelaysDesign and Implementation of New Infrastructure Highly Available Infrastructure Email Filtering Outbound with FOPE from On-premiseTraining and Handover to ClientClient Evaluation of ProjectOverall Project Success
  • 24. Foster + Partners • Reduce Operating Costs • Upgrade aging Infrastructure • Improve Scalability and Flexibility “I Love Office 365” Architecture
  • 25. Foster and Partners Design ADFS SSO Design Exchange Coexistence Setup Mail Flow Autodiscover and OWA TMG Setup and Configuration Project On-going
  • 26. IssuesPre-existing 5.5 Exchange InfrastructureRecipient Policies / Email Address PoliciesForward Proxy issues with HybridConfiguration
  • 27. Summary of ProjectPrerequisites for Office 365 Legacy Exchange Infrastructure Specify Perimeter Settings ClearerDesign and Implementation of New InfrastructureProject so far
  • 28. Lesson Learned• Try to avoid authenticating internet access through proxy for coexistence servers• More complicated setup for Free/Busy with Exchange 2003• FOPE cannot process outgoing email from On-premise• Two stage migration required for Exchange 2003• Prepare Existing Exchange 2003 environment (Recipient Policies)• Gauge clients technical ability• Ensure all updates and patches are applied on existing and new infrastructure• TMG Flood Mitigation – Mailbox Migration• UPNs configured Correctly• Split DNS Configured Correctly
  • 29. Exciting New Projects
  • 30. Conde Nast Large UK - Global Company Rich and Simple Coexistence Assisting in Global Rollout
  • 31. Viridor Waste Management1200 UsersSimpleCoexistenceADFS SSOOutlookAnywhere
  • 32. Seren + FovianceFoviance are on Office 365Seren Users to be Migrated to Office 365Foviance Users to be added into ADPassword Synchronisation Tool
  • 33. Migrating from OnPremise to Office 365 Alan Richards MVP
  • 34. Who Am I IT Consultant Worked in education for over 18 years Led teams in the early adoption of Microsoft systems Regular presenter at events SharePoint MVP
  • 35. Topics Office 365 co-existence options Types of migration Single Signon A client migration – Real World
  • 36. Co-Existence You already have onPremise Exchange Shared Address Space  Use the same domain name for all users  OnPremise or cloud receives email  Forwards onto the other one Multiple Addresses  Use different domain names for onPremise & Cloud  Each entity receives its own email  Manage mail contacts in either onPremise or cloud
  • 37. Types Of Migration IMAP cutover: E-mail is extracted from the source mail system by IMAP, DNS MX records are changed, and workstations configured to connect to Office 365. E-mail is moved, but no contacts and calendars.
  • 38. Types Of Migration Exchange cutover: Same as IMAP but it uses RPC over HTTPS (Outlook Anywhere) to extract your entire mailbox from a legacy Exchange e- mail system (2003 or later only).
  • 39. Types Of Migration Staged coexistence: Similar to an Exchange cutover, but allows for batches of users to move at a time and for the two systems (Exchange and Office 365) to interoperate over a period of time.
  • 40. Types Of Migration Hybrid coexistence: This solution is intended for customers who require onsite and cloud e- mail systems to coexist for longer periods. Active Directory and Office 365 synchronize and single-sign-on is set up. This is the most technically complex migration method but makes for the easiest mailbox migrations, simply using the existing Exchange Management Console’s commands.
  • 41. Single Signon Use Active directory account to access Office 365 Uses Active Directory federation services  Minimum 4 servers for load balancing  Federation server & Federation proxy server  PowerShell to form ‘link’ Separate server for DirSync software DO NOT ENABLE BEFORE MIGRATION
  • 42. Real World Migration Planning  Prepare your AD  Delete users  Clean up Exchange  Empty deleted items  Empty sent items Migration type  Choose the right one for your environment  How many users  Keeping onPremise
  • 43. Real World Migration Migration takes time  400 users took 5 days  Incremental updates after full migration Complete migration  Convert mailboxes to mail enabled users  PowerShell scripts downloadable from Microsoft All migrations run from Exchange Control Panel
  • 44. Demo – Sort Of !!
  • 45. Federated Login
  • 46. Federated Login
  • 47. Exchange Control Panel
  • 48. Email Migration
  • 49. onPremise Server Details
  • 50. onPremise Server Details
  • 51. Q&A arichards_Saruk alan@sharepointedutech.com
  • 52. Thanks very much for coming and please spread the word Interested in speaking? Interested in coordinating a user group?Contact Matthew Hughes matt@sp365.co.uk